Computer Crime Research Center

Cyber Crime: Business as Usual

It is clear that cyber criminality is migrating from amateurs to professionals. One graphic — and somewhat chilling — reminder was posted last week by a McAfee researcher who found a site that actually quoted prices for certain types of stolen data.

Francois Paget said the size of the account and cachet of the institution figured in the pricing. The example offered in this SC Magazine post is an MBNA account carrying $22,000 “retails” at $2,317. The sales come with guarantees: If the buyer can’t access the account or it has been closed, the site will furnish a replacement. Piaget’s initial post is here.

This points to a scenario in which criminal enterprises are so solid and confident that they act like legitimate businesses. The gangs are awash in money – many of it reinvestment of money that they have stolen – while law enforcement has little funding and lacks the unity of purpose enjoyed by criminal gangs.

The story in Canada is virtually identical to the U.S. and Western European nations. This InterGovWorld.com story suggests the crooks are recruiting the best and the brightest kids, just as big business does. The story says that 17 people between the ages of 17 and 26 recently were arrested in connection to cyber crimes in the Montreal area.

This CNN story does a good job of explaining the emergence of an organized cyber criminal underground and provides context for the cat-and-mouse game between the dark side and authorities. The writer says that one group — Rock Phish — is thought to be responsible for more than half of the phishing sites in the world. The site obviously has a lot of bright designers and linguists working for it – just like any multinational. The story says that spams are written in perfect English, German, French and Dutch and that precise counterfeit logos are used.

Companies such as McAfee, of course, are on the front lines in the fight against organized cyber crime. CEO and president Dave DeWalt outlined the latest trends for eChannel Line and other sites and publications last month. The company sees an “alarming” increase in the amount and sophistication of malware and says there have been increasingly sophisticated attacks on government departments and corporations. He said these targets are beginning to tackle cyber security in the same way they traditionally protect physical assets. The emergence of IPv6, DeWalt said, is worrisome because its sophistication creates more more vulnerabilities.

The FBI clearly sees the threat from organized cyber crime. This release from the bureau details cooperative effort — known as the Strategic Alliance Cyber Crime Working Group — between the United States, Australia, Canada, New Zealand and the United Kingdom. The group’s goals are to develop an overview of “transnational” cyber threats; to create a portal for the group to work; to release information bulletins on threats and trends; to consider an experts’ exchange; and to share curricula and provide targeted training.